At SciNet, we rely on different controls to ensure the protection of our researchers’ data and SciNet systems. These controls are divided into three main categories: physical, technical and administrative controls.
A subset of these controls is listed below.
Physical controls
- Access to our facilities is restricted and reviewed on a regular basis
- Secured areas are monitored
- 24/7 fire & security service is provided by a third party
- Chiller and cooling tower maintain the ideal temperature and humidity in the datacenter
- UPS and generator ensure uninterrupted power source
Technical controls
- Network firewalls and intrusion prevention systems monitor suspicious activities
- Patching of systems is prioritized based on a risk approach
- Two-factor authentication is enforced for privileged users
- Two-factor authentication is offered as optional to researchers
- Backups of systems and researchers’ data are stored securely, in different locations and tested regularly
- Encryption of data in-transit with approved algorithms is enforced to access our systems remotely
Administrative controls
- Security awareness sessions are organized regularly with our staff members
- Incident response plan is tested at least once a year
Please also note that SciNet complies with the University of Toronto standards and the policies of the Digital Research Alliance of Canada:
https://isea.utoronto.ca/information-security-standard/
https://www.alliancecan.ca/en/policies
Do you need more details? Feel free to reach out to us!